Re: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-06 Thread Petr Spacek
Please always include the ipa-users list when replying.

On 6.1.2016 11:48, Devin wrote:
> Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone
> lnx.ninja/IN: NS 'idm.servers.lnx.ninja' has no address records (A or )
> Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone
> lnx.ninja/IN: not loaded due to errors.
> Jan 06 01:37:45 idm.servers.lnx.ninja named-pkcs11[5524]: zone
> servers.lnx.ninja/IN: loaded serial 1452044265

Apparently the zone lnx.ninja does not contain any (A or ) records for
the name idm.servers.lnx.ninja listed in the NS record. You need to fix this
(add a so-called glue record), otherwise BIND will not load that zone.

I hope this helps.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
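An added example, not part of the thread: a small Python check for the condition Petr describes, an NS target name that lies inside the zone but has no A/AAAA record there. The zone data is constructed (the 10.10.10.2 record and the SOA are assumptions modelled on the thread's layout); it reports the missing glue for the broken zone and nothing once the glue record is added.

```python
"""Glue check for the failure in the thread: an NS target that lies inside
the zone but has no A/AAAA record there makes BIND refuse to load the zone.
Added example; the zone data below is constructed, not taken from the thread."""
from collections import defaultdict


def parse_records(text):
    """Parse 'owner TTL CLASS TYPE RDATA' lines into (owner, type, rdata)."""
    recs = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        recs.append((owner.lower(), rtype.upper(), rdata.strip().lower()))
    return recs

def in_zone(name, zone):
    """True if `name` is the zone apex or below it (both fully qualified)."""
    return name == zone or name.endswith("." + zone)

def missing_glue(zone, records):
    """Return in-zone NS targets that have no A/AAAA record in `records`."""
    zone = zone.lower().rstrip(".") + "."
    addrs = defaultdict(set)
    for owner, rtype, _ in records:
        if rtype in ("A", "AAAA"):
            addrs[owner].add(rtype)
    missing = set()
    for _owner, rtype, target in records:
        if rtype == "NS" and in_zone(target, zone) and not addrs.get(target):
            missing.add(target)
    return sorted(missing)

# Constructed parent zone: the apex NS (and the delegation for servers) point
# at idm.servers.lnx.ninja, but no address record for that name is present.
BROKEN_PARENT = """
lnx.ninja.          86400 IN SOA idm.servers.lnx.ninja. hostmaster.lnx.ninja. 1 3600 900 1209600 3600
lnx.ninja.          86400 IN NS  idm.servers.lnx.ninja.
servers.lnx.ninja.  86400 IN NS  idm.servers.lnx.ninja.
blah.lnx.ninja.     86400 IN A   10.10.10.2
"""
# Same zone with the glue record added, which is the fix Petr describes.
FIXED_PARENT = BROKEN_PARENT + "idm.servers.lnx.ninja. 1200 IN A 10.10.10.10\n"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_PARENT), ("fixed", FIXED_PARENT)):
        print(label, missing_glue("lnx.ninja", parse_records(text)))
```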


Re: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-05 Thread Petr Spacek
On 6.1.2016 08:25, Petr Spacek wrote:
> On 6.1.2016 06:42, Devin wrote:
>> I am noticing a very strange issue with FreeIPA. I installed FreeIPA on a
>> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
>> Kerberos domain as LNX.NINJA. Everything installs just fine without any
>> issues, and even when I log into FreeIPA and go to the DNS Manager I see
>> that it created a few zones as I would have expected (ie: Reverse zone for
>> 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is
>> that if I try to do a DNS query for any record on the (lnx.ninja) zone it
>> fails even though there are records there, and if I query any records
>> inside the servers.lnx.ninja zone they work just fine. What I can't
>> understand is why my DNS queries are dying on the (lnx.ninja) zone.
>>
>> So for my test I created 2 (A) records, one inside (lnx.ninja) and one
>> inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja
>> to not succeed? I have duplicated this issue multiple times with several
>> other VMs using different domains and they have the same issue. Any
>> advice is appreciated!
>>
>> [root@idm ~]# dig @localhost blah.lnx.ninja
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;blah.lnx.ninja. IN A
>>
>> ;; Query time: 1 msec
>> ;; SERVER: ::1#53(::1)
>> ;; WHEN: Wed Jan 06 05:30:15 UTC 2016
>> ;; MSG SIZE  rcvd: 43
>>
>> [root@idm ~]# dig @localhost blah.servers.lnx.ninja
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost
>> blah.servers.lnx.ninja
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;blah.servers.lnx.ninja. IN A
>>
>> ;; ANSWER SECTION:
>> blah.servers.lnx.ninja. 86400 IN A 10.10.10.1
>>
>> ;; AUTHORITY SECTION:
>> servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.
>>
>> ;; ADDITIONAL SECTION:
>> idm.servers.lnx.ninja. 1200 IN A 10.10.10.10
>>
>> ;; Query time: 0 msec
>> ;; SERVER: ::1#53(::1)
>> ;; WHEN: Wed Jan 06 05:30:32 UTC 2016
>> ;; MSG SIZE  rcvd: 101
> 
> 
> Hello,
> 
> this is strange, but I do not have sufficient information right now.
> 
> Please add the following information:
> # list all configured DNS master zones
> $ ipa dnszone-find
> 
> # list all DNS forward zones
> $ ipa dnsforwardzone-find
> 
> # tell us exact RPM versions
> $ rpm -q bind bind-dyndb-ldap ipa-server

Ee, I forgot to ask for logs from the named-pkcs11 service:
Please run
$ journalctl -u named-pkcs11
and look for messages related to the zone which has the problems.

I'm sorry for the noise :-)

-- 
Petr^2 Spacek



Re: [Freeipa-users] FreeIPA 4.2.0 / CentOS 7.2 / DNS Strangeness (Sub-domains)

2016-01-05 Thread Petr Spacek
On 6.1.2016 06:42, Devin wrote:
> I am noticing a very strange issue with FreeIPA. I installed FreeIPA on a
> fresh Virtual Machine called (idm.servers.lnx.ninja) and registered the
> Kerberos domain as LNX.NINJA. Everything installs just fine without any
> issues, and even when I log into FreeIPA and go to the DNS Manager I see
> that it created a few zones as I would have expected (ie: Reverse zone for
> 10.10.10.x, lnx.ninja zone, and servers.lnx.ninja zone). What I notice is
> that if I try to do a DNS query for any record on the (lnx.ninja) zone it
> fails even though there are records there, and if I query any records
> inside the servers.lnx.ninja zone they work just fine. What I can't
> understand is why my DNS queries are dying on the (lnx.ninja) zone.
> 
> So for my test I created 2 (A) records, one inside (lnx.ninja) and one
> inside (servers.lnx.ninja). What would cause any DNS queries to lnx.ninja
> to not succeed? I have duplicated this issue multiple times with several
> other VMs using different domains and they have the same issue. Any
> advice is appreciated!
> 
> [root@idm ~]# dig @localhost blah.lnx.ninja
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost blah.lnx.ninja
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50913
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;blah.lnx.ninja. IN A
> 
> ;; Query time: 1 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Jan 06 05:30:15 UTC 2016
> ;; MSG SIZE  rcvd: 43
> 
> [root@idm ~]# dig @localhost blah.servers.lnx.ninja
> 
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> @localhost
> blah.servers.lnx.ninja
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64481
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;blah.servers.lnx.ninja. IN A
> 
> ;; ANSWER SECTION:
> blah.servers.lnx.ninja. 86400 IN A 10.10.10.1
> 
> ;; AUTHORITY SECTION:
> servers.lnx.ninja. 86400 IN NS idm.servers.lnx.ninja.
> 
> ;; ADDITIONAL SECTION:
> idm.servers.lnx.ninja. 1200 IN A 10.10.10.10
> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Jan 06 05:30:32 UTC 2016
> ;; MSG SIZE  rcvd: 101


Hello,

this is strange, but I do not have sufficient information right now.

Please add the following information:
# list all configured DNS master zones
$ ipa dnszone-find

# list all DNS forward zones
$ ipa dnsforwardzone-find

# tell us exact RPM versions
$ rpm -q bind bind-dyndb-ldap ipa-server

Thank you.

-- 
Petr^2 Spacek
